When auditing is enabled, selecting for the network audit events (nt class) can cause the system to fail.
Workaround: Do not enable auditing for the network audit events (nt class) or all audit events (all class) for any user or for the default of all users. The Solaris 7 operating environment has neither of these classes enabled. Individual user audit is controlled in the /etc/security/audit_user file that has the form username:classes:classes. Do not enter the class at all or in either of the classes fields.
For example, do not modify an /etc/security/audit_user file with entries like
root:lo,nt:no bill:all:no |
Default auditing is controlled in the /etc/security/audit_control file by the flags entry that has the form flags:classes. Again, do not enter either the class all or nt in the classes field. For example, do not modify an /etc/security/audit_control file with flags entries like dir:/var/audit
flags:nt minfree:20 naflags:lo |
This problem is addressed by the Solaris 7 10683210683 patch.